Endpoint Security: The Key to Combatting Sophisticated CTAs

If you're like other U.S. State, Local, Tribal, and Territorial (SLTT) organizations, you face a stark challenge in mounting a proper defense against cyber threat actors (CTAs), whose attacks continue to increase in sophistication and volume. Contemporary remote and hybrid work models further complicate your cybersecurity program, widening the attack surface and making your security team's job of endpoint protection and vulnerability management harder.

To help you overcome this challenge, the Center for Internet Security (CIS) has partnered with CrowdStrike, an industry leader in endpoint protection, to offer you CIS Endpoint Security Services (CIS ESS), a fully managed endpoint protection solution. CIS ESS strengthens your endpoint security while relieving your teams of tedious work. It also offers access to ESS Spotlight and ESS Mobile, additional capabilities you can use to streamline your vulnerability management processes and gain real-time visibility into your mobile devices.

Protect All Devices Regardless of Their Network Connections

CIS ESS offers a Managed Detection and Response (MDR) solution that features a full-time cybersecurity defense partnership with the CIS Security Operations Center (SOC). As a function of our MDR, the CIS SOC continuously monitors and manages CIS ESS software by analyzing malicious activity, escalating actionable threats to you, and removing false positives so that you can save your time for things that matter. The CIS SOC runs continuous operations 24x7x365, so it's around to monitor your endpoints even when your cybersecurity staff is not. What's more, the CIS SOC has one of the most complete data sets in the industry related to threats facing U.S. SLTT organizations, including non-public known threats. This means you receive protection from a service that's specifically tailored to you.

CIS ESS is ultimately a solution deployed directly on your endpoint devices to help you identify, detect, respond to, and remediate security incidents and alerts. It includes various ways to protect endpoints, such as Next Generation Antivirus (NGAV), Endpoint Detection and Response (EDR), enterprise asset and software inventory, USB device monitoring, user account monitoring, and host-based firewall management. These capabilities can complement other security measures you already have in place.

By deploying CIS ESS directly on your workstations, servers, and other endpoints, you can use it to address threats that some of your other measures can't. CIS ESS can provide optimal protection against cybersecurity threats for all SLTT endpoints, including the 14 million belonging to our 14,000 supported organizations that operate in both remote and hybrid work environments. It does this by safeguarding your devices regardless of whether they're connected to networks in offices, homes, coffee shops, or any other remote location.

Five-Pronged Endpoint Security

Stop an Attack in Its Tracks

CIS ESS defends against cybersecurity threats by helping you actively mitigate and remediate malware affecting your devices. It can stop an attack in its tracks upon identifying a threat on one of your endpoints. CIS ESS doesn’t just block malicious activity; it can kill or quarantine files through the NGAV component.

Block Threats You Don't Even Know About

For adequate endpoint protection, you need to be able to block known (signature-based) and unknown (behavioral-based) malicious activity. But you can't know every threat confronting your organization. The threat landscape is constantly changing, and you don't have time to stay on top of every new threat.

Fortunately, CIS ESS can protect you against unknown threats by looking for and detecting unusual behavior on devices. In doing so, it takes the manual effort out of defending against new threats as they arise. This means more time and resources for other parts of your cybersecurity program.

Let's remember what you're up against. CTAs operate with increasing sophistication, using crypto-ransomware and other malware to bypass your cybersecurity measures. Network-based cybersecurity measures can't “see” encrypted traffic. But CIS ESS can. It can detect and defend against such traffic once it becomes decrypted at the endpoint.

Work with Trusted Cybersecurity Defensive Partners

The CIS SOC isn't the only cybersecurity partner available through our MDR solution. Another is NGAV. A core capability of CIS ESS, this offering protects you against security issues before they develop into incidents. Whatever your size or resources, you can use the various options within CIS ESS to tailor a protection profile that meets your needs – even if you're on a limited cybersecurity budget.

Additionally, you can use CIS ESS to request the assistance of our Cyber Incident Response Team (CIRT) when you experience a cyber incident. Our CIRT analysts can reach directly into an affected system and conduct digital forensics remotely. They can then acquire evidence to uncover what happened and perform analysis to determine the root cause, the scope of the incident, attack methodologies, and other information that you can use to remediate the incident and prevent a similar one from occurring in the future.

Achieve Another Level of Vulnerability Management

CIS ESS can now be paired with Spotlight to give your security team greater visibility into, and management of, vulnerabilities on endpoints across your environment. ESS Spotlight is a low-cost vulnerability management service that arms security teams with real-time assessment of vulnerability exposure on their endpoints through a scan-less, single lightweight agent.

Legacy vulnerability management tools are useful only to an extent. They require you to run a scan every time you want to find a vulnerability. If the scan uncovers a vulnerability, the tools only let you know where the issue resides. This puts the onus on you to maintain a regular vulnerability scanning schedule and to know how to fix a vulnerability when it arises.

None of this is the case with Spotlight. It doesn't rely on scheduled scans to spot vulnerabilities. Instead, it continuously monitors your systems and their data for vulnerabilities in real time. It then follows up by providing immediate protection against vulnerabilities. This makes it more difficult for CTAs to find and exploit known weaknesses in your systems, thus complicating their efforts to establish an initial foothold in your network.

Proactively Protect Your Mobile Devices

Your endpoint security strategy wouldn't be complete without insight into your mobile devices. This is where ESS Mobile comes in. Available as a stand-alone option or an add-on module, ESS Mobile helps to illuminate blind spots in your threat detection approach across your managed Android and iOS devices in real time. You can then use the intelligence yielded by ESS Mobile's automated threat protection to quickly mitigate potential mobile threats.

ESS Mobile is designed with your users in mind. Its privacy-centric design supports your risk mitigation efforts without compromising user privacy. It also produces a net-zero impact on battery life and bandwidth usage, which means users don't need to change the way they interact with or perform work-related functions on their managed devices. Finally, ESS Mobile seamlessly integrates into your existing mobile device management (MDM) solution and features a zero-touch enrollment process, helping you to scale your mobile security program according to your needs.

Meet Your Endpoint Security Needs with CIS ESS

Endpoint security is a vital component of defending against sophisticated CTAs. Through CIS ESS along with its additional ESS Spotlight and ESS Mobile capabilities, you can take advantage of a competitively priced, fully managed and monitored endpoint protection solution that is specifically tailored to meet the needs of organizations like yours and save your teams time.